Category: DZone Security Zone

Data is always on the move. Data flows across multiple interconnected systems, creating an expanded attack surface that spans Slack messages, browser-based AI tools, cache folders, and distributed cloud workloads. Security teams have long tried to keep up. While traditional…

Read more →

Most companies set up their AI document assistant the same way: give it access to the repository, then rely on it to filter results based on user permissions. When someone asks: “For the security audit, list all documents containing ‘confidential’…

Read more →

The average person juggles accounts with varying levels of security. Login fatigue may lead us to recycle passwords or trust personal information to dubious companies. There is also the ever-looming threat of data breaches, social engineering attacks, and brute force…

Read more →

Docker containers share the host kernel. A single misconfigured container can expose sensitive data, provide root access to the host, or compromise the entire infrastructure. This guide provides six practical labs that work on Linux, macOS, and Windows. The examples…

Read more →

In the current digital age, which largely revolves around the use of the internet, privacy and security, as well as access to the whole world, are some of the main concerns for individuals and businesses. One of the most effective…

Read more →

Infrastructure security has long been about protecting networks, hosts, and cloud platforms. Application security focuses on securing APIs, data flows, and business logic to protect critical assets. Both approaches are critical, but they can’t provide complete protection on their own.…

Read more →

Security architecture in hybrid environments has traditionally focused on well-known concepts such as OWASP vulnerabilities, identity and access management, role-based access control, network security, and the principle of least privilege. Best practices like secure coding and incorporating SAST/DAST testing into…

Read more →

In October 2025, I visited Devoxx Belgium, and again it was an awesome event! I learned a lot and received quite a lot of information, which I do not want to withhold from you. In this blog, you can find…

Read more →

The digital ecosystem breathes through trust. Every npm install, every pip install, every docker pull represents a leap of faith — a developer placing confidence in code written by strangers, maintained by volunteers, distributed through systems they’ve never seen. This…

Read more →

Abstract This article explores the transformative role of artificial intelligence (AI) and machine learning (ML) in cybersecurity. It delves into innovative strategies such as adaptive cyber deception and predictive behavioral analysis, which are reshaping defense mechanisms against cyber threats. The…

Read more →

The Edge Observability Security Challenge  Deploying an open-source observability solution to distributed retail edge locations creates a fundamental security challenge. With thousands of locations processing sensitive data like payments and customers’ personally identifiable information (PII), every telemetry component running on…

Read more →

It all started while I was working with a colleague on web security. I heard that their team is enabling HSTS as part of their Black Friday security upgrades to their website. The first question that popped into my mind…

Read more →

This paper outlines a practical approach to secure software engineering that brings together: Static and Dynamic Application Security Testing (SAST & DAST) Information Security Risk Assessment (ISRA) Software Composition Analysis (SCA) Continuous Vulnerability Management Measuring Security Confidence (MSC) framework OWASP…

Read more →

The platform team had done it again — a new version of the golden path was ready. Cleaner templates, better guardrails, smoother CI/CD. But as soon as it rolled out, messages started flooding in: “My pipeline broke!”, “The new module…

Read more →

The rapid ascent of artificial intelligence has ushered in an unprecedented era, often likened to a modern-day gold rush. This “AI gold rush,” while brimming with potential, also bears a striking resemblance to the chaotic and lawless frontier of the…

Read more →

Launching a SaaS startup is like riding a rocket. At first, you’re just trying not to burn up in the atmosphere — delivering features, delighting users, hustling for feedback. But, as you start to scale, you realize: security isn’t just…

Read more →

Nowadays, most application requires authentication and authorization due to increased threat levels, and not only do they need to be secured, but also scalable due to increased traffic volume. It’s not that the application doesn’t have authentication and authorization in…

Read more →

What Are Passkeys? You know how annoying it is to remember all those different passwords for every single website? And how terrifying it is when you hear about a company getting hacked, and suddenly, your password for that site might…

Read more →

Microservices at Adobe Adobe’s transformation from desktop applications to cloud offerings triggered an explosion of microservices. Be it Acrobat, Photoshop, or Adobe Experience Cloud, they are all powered by suites of microservices mainly written in Java. With so many microservices…

Read more →

The emergence of AI agents has created a “security ticking time bomb.” Unlike earlier models that primarily generated content, these agents interact directly with user environments, giving them freedom to act. This creates a large and dynamic attack surface, making…

Read more →